Flame Nightmare: stolen Microsoft certs spoof Microsoft Update

07.06.2012

"Having a Microsoft code signing certificate is the Holy Grail of malware writers," said Hypponen.

Malware that spoofs and replicates via Microsoft's update system was the "nightmare scenario", he said. The only upside was that it wasn't used in a large financially motivated attack, but rather in a small-scale targeted attack, he said.

HD Moore, chief technology officer for Rapid7, explained to CSO.com.au that Microsoft certificates are significant because of the high level of trust Windows systems place in Microsoft's root certificates.

"There's a lot of components in Windows that will only load if they're signed by a root authority. Things like ActiveX controls may not pop up a warning if they're signed by Microsoft. The same thing applies to kernel modules," said Moore.

"If you have a rootkit and you install the kernel module you could either get it signed by GlobalSign, another kernel vendor, in which case a big pop up occurs, asking 'Do you want to install this driver by this vendor?'. So even in the best case scenario, you will still get a pop up for those drivers. But if it's signed by the Microsoft Root Authority, it bypasses all those pop ups and often bypasses the AV detections as well because they say, 'hey, this is signed by someone we trust, I'm not going to bother signaturing it.'"
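The trust Moore describes is decided by which root a binary's signature chains to, not by who actually holds the signing key. The PowerShell below is an added example for this article (not code from Rapid7, Microsoft, or the article's author): it inventories Authenticode signers on a Windows host and flags binaries whose chain ends at a Microsoft root while the leaf certificate's subject is not Microsoft. The default path, the substring matches on the root and leaf subjects, and the decision to skip revocation checking are assumptions chosen for illustration.

```powershell
# Added example, not from the article. Assumptions: the scan path, the
# 'Microsoft Root' / 'O=Microsoft Corporation' subject heuristics, and
# RevocationMode = NoCheck (so the scan works offline). Hits are leads to
# triage, not verdicts.
param(
    [string]$Path = "$env:SystemRoot\System32"
)

function Get-SignerReport {
    param([string]$File)

    $sig = Get-AuthenticodeSignature -FilePath $File
    if ($sig.Status -eq 'NotSigned' -or -not $sig.SignerCertificate) {
        return [pscustomobject]@{
            File = $File; Status = $sig.Status; Signer = $null; Root = $null; Suspicious = $false
        }
    }

    # Build the chain ourselves so we can see which root anchors it.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $null = $chain.Build($sig.SignerCertificate)
    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    $signerSubject = $sig.SignerCertificate.Subject
    $rootSubject   = $root.Subject

    # Heuristic: a valid signature anchored at a Microsoft root, but the leaf
    # certificate does not name Microsoft as the organisation.
    $msRoot     = $rootSubject   -match 'Microsoft Root'
    $msLeaf     = $signerSubject -match 'O=Microsoft Corporation'
    $suspicious = ($sig.Status -eq 'Valid') -and $msRoot -and (-not $msLeaf)

    [pscustomobject]@{
        File       = $File
        Status     = $sig.Status
        Signer     = $signerSubject
        Root       = $rootSubject
        Suspicious = $suspicious
    }
}

Get-ChildItem -Path $Path -Include *.exe,*.dll,*.sys -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object { Get-SignerReport -File $_.FullName } |
    Where-Object { $_.Suspicious -or $_.Status -ne 'Valid' } |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt; on current Windows versions Get-AuthenticodeSignature also resolves catalog-signed system files, so genuine Microsoft binaries report a Microsoft leaf and are not flagged. Anything that shows Status Valid, a Microsoft root, and a non-Microsoft signer is exactly the case Moore describes and deserves a closer look at the full chain, the intermediate that issued the leaf, and whether the signing certificate is known to be revoked.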